CVE-2025-32943

Опубликовано: 15 апр. 2025

Источник: nvd

CVSS3: 3.7

CVSS3: 4.3

EPSS Низкий

Описание

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.

Ссылки

https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1
Release Notes
https://research.jfrog.com/vulnerabilities/peertube-hls-path-traversal/
Exploit
Third Party Advisory
https://research.jfrog.com/vulnerabilities/peertube-hls-path-traversal/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:framasoft:peertube:*:*:*:*:*:*:*:*

Версия до 7.1.1 (исключая)

EPSS

Процентиль: 6%

0.00024

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-32943

CVSS3: 3.7

debian

10 месяцев назад

The vulnerability allows any authenticated user to leak the contents o ...

GHSA-7gg5-pghg-4cqq

CVSS3: 3.7

github

10 месяцев назад

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.

EPSS

Процентиль: 6%

0.00024

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-22